I really do not like the idea behind this category. We might as
well include most MS-based protocols, and most TCP services. The
fact that a service is present and has a history of being a point of
entry on some systems is not a vulnerability. That's like saying
that the presence of computers tends to enable hacking -- take away
the computers, and you no longer have break-ins!
--spaf